vulnerability

Oracle Linux: CVE-2015-3197: ELSA-2016-0301: openssl security update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:H/Au:N/C:C/I:N/A:N)	2016-02-15	2016-03-04	2025-01-07

Severity

CVSS

(AV:N/AC:H/Au:N/C:C/I:N/A:N)

Published

2016-02-15

Added

2016-03-04

Modified

2025-01-07

Description

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Solution(s)

oracle-linux-upgrade-openssloracle-linux-upgrade-openssl098eoracle-linux-upgrade-openssl-develoracle-linux-upgrade-openssl-libsoracle-linux-upgrade-openssl-perloracle-linux-upgrade-openssl-static

References

CVE-2015-3197
https://attackerkb.com/topics/CVE-2015-3197
ELSA-ELSA-2016-0301
ELSA-ELSA-2016-0302
ELSA-ELSA-2016-0372

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today